Notification of Authentication Service Upgrade for Some Tencent Cloud CVM APIs
Last updated: 2025-06-04 10:24:26
Notification of Authentication Service Upgrade for Some Tencent Cloud CVM APIs
Last updated: 2025-06-04 10:24:26
Background
Dear Tencent Cloud user, to meet Tencent Cloud security prevention requirements and further optimize the permission management feature for CVM APIs, block API unauthorized access security vulnerabilities, and safeguard customer asset security, Tencent Cloud will upgrade the authentication service for some CVM APIs whose names start with Describe and InquiryPrice on June 30, 2025. These APIs will be integrated with Cloud Access Management (CAM) for authentication. Please log in to the CAM console and complete API authorization before June 30, 2025 to avoid affecting usage. Otherwise, you cannot use relevant APIs, posing an excessive privilege risk.
Notes
If you complete authorization before this date, no impact will be imposed after the upgrade takes effect. Otherwise, you need to authorize the usage before calling APIs.
Upgrade Time
June 30, 2025 (Monday) (UTC+8)
Involved APIs
API Name | API Description |
DescribeRecommendZoneInstanceTypes | Recommend users to purchase instances with the same or similar models in the same or similar regions. |
DescribeZones | Query the availability zone list. |
DescribeZoneInstanceConfigInfos | Obtain the model configuration of an AZ. |
InquiryPriceRenewInstances | Inquire instance renewal price. |
DescribeInstanceConfigInfos | Query the static configuration of an instance. |
DescribeUserAvailableInstanceTypes | Display models available for users on the purchase page. |
DescribeInstanceTypeConfigs | Query the instance model list. |
DescribeRegions | Query region list. |
DescribeAccountQuota | Query user quota details. |
DescribeInstanceFamilyConfigs | Query the information on supported instance model families. |
DescribeInternetChargeTypeConfigs | Query the network billing type. |
DescribeAvailableFeatures | Query whether configured features are available. |
DescribeTask | Query the task information in the console. |
DescribeMarketImages | Query the market image list. |
DescribeInstanceTypeZoneStatus | Query the model sales status in relevant AZs. |
DescribeInstanceChargeTypeConfigs | Query billing modes supported by CVM. |
DescribeUserZoneStatus | Query the instance billing type status in AZs. |
Authorization Instructions
Method 1: Creating a Custom Policy and Binding It to Sub-users
Implementation Method
Create a policy for different sub-accounts based on the least privilege principle and bind the policy to sub-users.
Applicable Scenarios
This method applies to strict permission control scenarios that require refined control of the operation scope of each sub-user as needed. If it is unclear which sub-users will use the APIs pending access authorization, recommend authorization to all sub-users, and subsequently delete as needed.
Operation Steps
1. Go to the Policies page in the CAM console and click Create a custom policy in the upper left corner.
2. Choose Create by policy builder in the pop-up window of selecting the creation method, and configure relevant policy parameters.
3. Click Next, enter the Associate User/User Group/Roles page, edit the policy name, and click Select User.
4. Select the users to be associated in the Associate User pop-up window and click OK.
Method 2: Binding a Preset Policy to Sub-users
Implementation Method
Bind the preset policy QcloudCVMInnerReadOnlyAccess containing CVM read-only API operation permissions to sub-users.
Applicable Scenarios
This method applies to loose permission control scenarios that control the operation scope of each sub-user within the read-only API operation scope. Business personnel basically have operation permissions for all functional modules. If it is unclear which sub-users will use the APIs pending access authorization, recommend authorization to all sub-users, and subsequently delete as needed.
Operation Steps
1. Go to the Policies page in the CAM console, enter QcloudCVMInnerReadOnlyAccess in the search box, and click Associate User/Group/Role in the Operation column.
2. Select users/user groups/roles to be associated in Associate User/User Group/Role pop-up dialog box. Then, click OK to complete the association between the policy and users.
Method 3: Creating a Custom Policy and Binding It to Roles
Implementation Method
Create a policy for different roles based on the least privilege principle and bind the policy to roles.
Applicable Scenarios
This method applies to strict permission control scenarios that require refined control of the operation scope of each role as needed. This method can be used by customers who access CVM APIs through roles.
Operation Steps
1. Go to the Policies page in the CAM console and click Create a custom policy in the upper left corner.
2. Choose Create by policy builder in the pop-up window of selecting the creation method, and configure relevant policy parameters.
3. Click Next, enter the Associate User/User Group/Role page, edit the policy name, and bind the policy to roles.
Method 4: Binding a Preset Policy to Roles
Implementation Method
Bind the preset policy QcloudCVMInnerReadOnlyAccess containing CVM read-only operation permissions to roles.
Applicable Scenarios
This method applies to loose permission control scenarios that control the operation scope of each sub-user within the read-only API operation scope. Business personnel basically have operation permissions for all functional modules. This method can be used by customers who access CVM APIs through roles.
Operation Steps
1. Go to the Policies page in the CAM console, enter QcloudCVMInnerReadOnlyAccess in the search box, and click Associate User/Group/Role in the Operation column.
2. Select users/user groups/roles to be associated in Associate User/User Group/Role pop-up dialog box. Then, click OK to complete the association between the policy and users.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback